US20160359617A1 - Systems and methods for a multiple value packing scheme for homomorphic encryption - Google Patents
- Publication number
- US20160359617A1 (application US14/590,479)
- Authority
- US
- United States
- Prior art keywords
- data values
- encrypted
- encrypted payloads
- payloads
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Definitions
- the subject matter discussed herein relates generally to data processing and, more particularly, to systems and methods for homomorphic encryption using a multiple value packing scheme.
- a database, database as a service, or cloud database operation may be performed.
- the database server may hold the data of the user (e.g., user transport data), and the user may perform an operation on the data (e.g., a query).
- the user may have data which is sensitive, which he or she does not want the server (e.g., cloud owner) to know.
- One of the properties of homomorphic cryptography is that the product of two ciphertexts C 1 and C 2 will decrypt to the sum of their corresponding plaintexts V 1 and V 2 .
- the subject matter includes computer-implemented methods for performing homomorphic encryption to generate a summation, including, at a client, receiving a plurality of encrypted payloads, each of the encrypted payloads having a plurality of data values; and multiplying one or more of the data values of one of the encrypted payloads by one or more other data values in one or more of the other encrypted payloads, to generate a product that represents the summation of data values corresponding to the multiplied one or more data values of the one of the encrypted payloads and the one or more other data values in the one or more other of the encrypted payloads.
- the subject matter also includes a computer-implemented method of performing homomorphic encryption to generate a summation, including, at a server, generating a plurality of encrypted payloads, each having a plurality of data values, wherein the data values of each of the encrypted payloads are positioned at a lower half of each of the encrypted payloads, and an upper half of each of the encrypted payloads is empty.
- the subject matter includes a computer-implemented method of performing homomorphic encryption to generate a summation, the method including at a server, generating a plurality of encrypted payloads, each having a plurality of data values; and at a client, receiving each of the encrypted payloads having the plurality of data values; and multiplying one or more of the data values of one of the encrypted payloads by one or more other data values in one or more of the other encrypted payloads, to generate a product that represents the summation of data values corresponding to the multiplied one or more data values of the encrypted payloads and the one or more of the other data values in the one or more other encrypted payloads.
- the methods are implemented using one or more computing devices and/or systems.
- the methods may be stored in computer-readable media.
- FIG. 1 shows a related art approach to packing
- FIG. 2 shows a related art approach to unpacking
- FIG. 3 shows an architecture for the packing tool and the unpacking tool according to an example implementation.
- FIG. 4 shows a packing process according to an example implementation.
- FIG. 5 shows an unpacking process according to an example implementation.
- FIG. 6 illustrates a system process associated with the example implementation.
- FIG. 7 illustrates a server process associated with the example implementation.
- FIG. 8 illustrates a client process associated with the example implementation.
- FIG. 9 shows an example environment suitable for some example implementations.
- FIGS. 10A and 10B show example computing environments with respective example computing devices suitable for use in some example implementations.
- FIG. 1 illustrates a related art approach to homomorphic encryption 100 , employing Paillier encryption (e.g., multiplication of ciphertext, addition of plaintext).
- a client 101 and a server 103 are provided.
- the client 101 performs an encryption of a plurality of IDs X 1 . . . Xn . . . using commutative encryption with key f.
- the result of the encryption performed at 105 by the client 101 is sent to the server 103 .
- the commutative encryption may be exponentiation with a secret exponent modulo a large prime.
- the server 103 receives the encrypted IDs f(X 1 ) . . . f(Xn) . . . from the client 101 , and performs an encryption operation with key g, and sends g(X 1 ) . . . g(Xn) to the client 101 . Further, the server 103 encrypts server IDs Y 1 . . . Ym with key g, and sends g(Y 1 ) . . . g(Ym) to the client 101 , along with the value (e.g., spend) Si, encrypted with Paillier homomorphic encryption E.
- the encrypted values of the numbers are provided to the client 101 as individual, separate payloads for each of the numbers (e.g., spend values).
- the server IDs g(Y 1 ) . . . g(Ym) are further encrypted with key f to generate fg(Y 1 ) . . . fg(Ym).
- the client 101 performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj.
- the client 101 multiplies all of the values of E(Sj), which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj.
- the client 101 may request the server 103 to decrypt the product and return the sum.
- the client 101 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- the server 103 Paillier decrypts and returns the result to the client 101 .
- the client 101 subtracts random number r from the result sent by the server 103 to the client 101 .
- FIG. 2 illustrates a related art approach 200 to operation 109 as explained above.
- the server 103 sends an encrypted ID and the associated Paillier encrypted spend value (e.g., g(Yi) along with E(Si)).
- FIG. 3 illustrates an example architecture 300 .
- a client side module 303 is provided that generates IDs of the client, and sends the encrypted IDs via the Internet 305 , for example, to the server side module 307 .
- the server side module 307 may encrypt data received from the client side module 303 , such as the client-encrypted IDs.
- the server side module also controls the server packing tool 309 .
- the server packing tool 309 includes a packing tool operator 311 , which controls the server packing tool 309 .
- multiple data values may be packed into a single payload at the command of the packing tool operator 311 , such that the server packing tool 309 provides a plurality of such encrypted payloads to the server side module 307 .
- the server side module 307 provides the encrypted payloads to the client side module 303 . Further details of the encrypted payloads are discussed below with respect to FIG. 4 .
- the client unpacking tool 301 receives the encrypted single payloads. More specifically, an unpacking tool operator 313 performs a series of left-shifting operations on each of the single payloads from the client side module 303 , which were in turn received from the server side module 307 .
- the left-shifting operations use exponentiation to shift the values within the single payloads, such that the desired value is in a prescribed position.
- a product of the encrypted data values is obtained at the client unpacking tool 301 , which is associated with a sum of the plaintext values.
- the client side module 303 may blind the product, and request the server side module 307 to decrypt and return a blinded sum to the client side module, which unblinds the blinded sum to obtain the plaintext sum that represents the value (e.g., spend value).
- FIG. 4 shows an example of a process implementation associated with a packing operation according to the example implementation.
- a client 401 is provided to communicate with a server 403 .
- the client 101 performs an encryption of a plurality of IDs X 1 . . . Xn . . . using commutative encryption with key f.
- the result of the encryption performed at 105 by the client 101 is sent to the server 103 .
- the commutative encryption may be exponentiation with a secret exponent modulo a large prime.
- the server 403 receives the encrypted IDs f(X 1 ) . . . f(Xn) . . . from the client 401 , and performs an encryption operation with key g, and optionally sends g(X 1 ) . . . g(Xn) to the client 401 . Further, at 409 , the server 403 sends to the client 401 the value (e.g., spend) Si, encrypted with Paillier homomorphic encryption E. Optionally, the server 403 encrypts server IDs Y 1 . . . Ym with key g, and sends g(Y 1 ) . . . g(Ym) to the client 401 .
- the server 403 includes (e.g., packs) multiple values (e.g., four spend values S 1 . . . S 4 ) into a single Paillier payload, which are then encrypted and sent to the client 401 .
- each of the values is separated from other values by a 32-bit guard. In other words, 32 bits of space is provided between S 1 and S 2 , for example. The purpose of the spacing is to allow carryover to not intrude onto neighboring numbers.
- 128 bits may be used to represent each number, assuming that the numbers are 64-bit integers (e.g., int64) having 96 bits of representation, and 32 bits of zeroes as a guard or separator between neighboring numbers.
- the values only cover the lower half of each of the encrypted payloads.
- the most significant (e.g., upper) half is kept empty. As explained below with respect to FIG. 5 , the upper half may be employed during the unpacking operation for a shifting process.
- the number of bytes that need to be transferred may be reduced by 1/N, where N is the number of values on each of the single payloads.
- the number of bytes that need to be transferred would be reduced by 1/4 (i.e., one-fourth).
- the server IDs g(Y 1 ) . . . g(Ym) are further encrypted with key f to generate fg(Y 1 ) . . . fg(Ym).
- the client 401 performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj.
- an unpacking operation is performed that involves a shifting operation.
- the client 401 multiplies all of the values of E(Sj), which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj.
- the client 401 may request the server 403 to decrypt the product and return the sum.
- the client 401 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- the server 403 Paillier decrypts and returns the result to the client 401 .
- the client 401 subtracts random number r from the result sent by the server 403 to the client 401 .
- FIG. 5 illustrates an unpacking operation according to an example implementation.
- server 503 provides the payload 505 to the client 501 .
- the payload 505 is discussed above with respect to FIG. 4 , and further details are omitted for the sake of clarity.
- the client 501 needs to multiply the encrypted values of E(S 3 ), E(S 1 ), E(S 8 ) and E(S 6 ). Accordingly, these encrypted values must be positioned at a prescribed position in the payload. For example, the encrypted values of E(S 3 ), E(S 1 ), E(S 8 ) and E(S 6 ) are positioned in the fourth position 507 in FIG. 5 . Accordingly, the encrypted values in all other positions will be ignored.
- the encrypted values of E(S 3 ), E(S 1 ), E(S 8 ) and E(S 6 ) must be shifted to the fourth position 507 to perform the multiplication of these encrypted values.
- the Paillier-encrypted ciphertext is exponentiated by 2 , which moves the corresponding plaintext value one bit to the left.
- the ciphertext product of the encrypted data values that is produced represents a sum of the plaintext associated with a sum of the data values of the ciphertext.
- the shifted ciphertext is multiplied to produce a ciphertext, for which the underlying plaintext is the sum of S 3 +S 1 +S 8 +S 6 .
- the server IDs g(Y 1 ) . . . g(Ym) are further encrypted with key f to generate fg(Y 1 ) . . . fg(Ym).
- the client 501 thus performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj.
- the client 501 multiplies all of the values of E(Sj) associated with each of the plurality of single payloads, which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj.
- the client 501 may request the server 503 to decrypt the product and return the sum.
- the client 501 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- the server 503 then Paillier decrypts and returns the result to the client 501 .
- the client 501 subtracts random number r from the result sent by the server 503 to the client 501 .
- the client 501 may ignore numbers in the position other than the prescribed position 507 .
- the client 501 only needs to extract the value of the prescribed position (e.g., fourth position in element 507 of FIG. 5 ). Further, because of the 32 guard bits adjacent to each encrypted data value, adding to the neighboring encrypted data values does not carry over into other positions.
- a Damgard version of Paillier encryption may be employed.
- ciphertexts that are (s+1)/s times larger than the payload may be employed.
- a 4096 bit (e.g., 512 byte) ciphertext and a 3072 bit payload results, such that 30 numbers can be fit into the payload. Accordingly, each encryption has a greater associated cost, but fewer encryptions are required, due to the larger numbers.
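The packing of FIG. 4 and the shift-and-multiply unpacking of FIG. 5, carried through as an added example (not code from the patent): a textbook Paillier written for illustration, with 128-bit slots (96 value bits plus 32 guard bits), four values in the lower half of a 1024-bit payload, and the blinded decryption request. Assumptions: slot 0 is the least significant, the "fourth position" is the top slot of the lower half, S1..S4 and S5..S8 sit in two payloads, and all function names and sample values are constructed here.

```python
import secrets
from math import gcd

SLOT_BITS = 128     # per value: 96 value bits + 32 zero guard bits (page's layout)
VALUE_BITS = 96
SLOTS = 4           # values per payload, filling only the lower 512 bits
TARGET = SLOTS - 1  # assumption: "fourth position" = top slot of the lower half
PRIME_BITS = 520    # n = p*q has 1040 bits, so a 1024-bit payload fits below n


def _is_probable_prime(n, rounds=32):
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # Miller-Rabin rounds with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        # Top two bits set so that p*q has exactly 2*bits bits.
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen():
    p, q = _random_prime(PRIME_BITS), _random_prime(PRIME_BITS)
    while q == p:
        q = _random_prime(PRIME_BITS)
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))  # public n (g = n + 1), private (lambda, mu)


def encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)


def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def pack(values):
    """Server side: place each value in its own 128-bit slot, slot 0 lowest."""
    if len(values) > SLOTS or any(not 0 <= v < (1 << VALUE_BITS) for v in values):
        raise ValueError("at most 4 values, each below 2**96")
    return sum(v << (SLOT_BITS * i) for i, v in enumerate(values))


def shift_to_target(n, c, slot):
    """E(m)^(2^k) = E(m * 2^k): left-shift the plaintext under encryption."""
    return pow(c, 1 << (SLOT_BITS * (TARGET - slot)), n * n)


def client_request(n, payloads, picks):
    """Shift every picked (payload, slot) to TARGET, multiply, blind with E(r)."""
    product = 1
    for idx, slot in picks:
        product = product * shift_to_target(n, payloads[idx], slot) % (n * n)
    r = secrets.randbelow(n)
    return product * encrypt(n, r) % (n * n), r


def unblind(n, answer, r):
    """Remove r, then read only the TARGET slot; other slots hold leftovers."""
    m = (answer - r) % n
    return (m >> (SLOT_BITS * TARGET)) & ((1 << SLOT_BITS) - 1)


# Constructed sample data: S1..S4 in payload 0, S5..S8 in payload 1.
BIG = (1 << VALUE_BITS) - 1  # largest value a slot accepts
SPENDS = [[1200, 35, BIG, 7], [10, BIG, 99, 4500]]
PICKS = [(0, 2), (0, 0), (1, 3), (1, 1)]  # S3, S1, S8, S6 as in FIG. 5


def run_protocol(spends, picks):
    n, priv = keygen()                                # server key pair
    payloads = [encrypt(n, pack(g)) for g in spends]  # server: pack, encrypt
    blinded, r = client_request(n, payloads, picks)   # client: shift, multiply
    answer = decrypt(n, priv, blinded)                # server sees sum + r mod n
    return unblind(n, answer, r)                      # client: S3+S1+S8+S6


if __name__ == "__main__":
    print(run_protocol(SPENDS, PICKS) == 2 * BIG + 5700)
```

The sample sum exceeds 96 bits, so it spills into the guard bits of the target slot without reaching the next slot; the empty upper half is what absorbs the values pushed left by the shifts.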
- FIGS. 6-8 illustrate example processes associated with the foregoing example implementation.
- processes 600 - 800 may be implemented with different, fewer, or more blocks.
- Processes 600 - 800 may be implemented as computer executable instructions, which can be stored on a medium, loaded onto one or more processors of one or more computing devices, and executed as a computer-implemented method.
- FIG. 6 illustrates an example process 600 according to one or more of the foregoing example implementations.
- a client encrypts a plurality of values X 1 . . . Xn.
- the values X 1 . . . Xn may be encrypted using a Paillier encryption scheme.
- the corresponding encrypted values f(X 1 ) . . . f(Xn) are then provided to a server.
- a server receives the encrypted values f(X 1 ) . . . f(Xn) and performs an encryption operation on these values.
- the resulting values encrypted by the server e.g., Paillier encryption
- the server encrypts (e.g., Paillier encryption) and sends g(Y 1 ) . . . g(Ym) to the client.
- a plurality of single payloads E[(S 1 ) . . . (Sn)], each including a plurality of the values (e.g., spend values), are generated.
- the single payloads E[(S 1 ) . . . (Sn)] each maintain the most significant bits (e.g., upper half) as empty, and provide the encrypted data values in the lower half. As explained above, the encrypted data values are spaced apart by guard bits in each of the payloads E[(S 1 ) . . . (Sn)].
- an operation may be performed at the server on the encrypted data values, wherein the encrypted data values E[(S 1 ) . . . (Sn)] represent a vector of one or more of the data values at a plurality of positions.
- at least one of the following operations may be performed: multiplying the encrypted payloads E[(S 1 ) . . . (Sn)] by an encryption of constant values, and multiplying the encrypted payloads E[(S 1 ) . . . (Sn)] to shift the positions, in the payload, of the data values that are associated with the vector.
- operations are performed to determine an intersection based on matching between the IDs provided by the client and the server.
- the client encrypts g(Y 1 ) . . . g(Ym) to obtain fg(Y 1 ) . . . fg(Ym).
- the client checks for a match between fg(Yj) and the above-explained gf(Xi) at 620 . Based on operations 615 and 620 , an intersection is determined.
- a shifting operation is performed as explained above with respect to FIGS. 4 and 5 .
- the shifting and exponentiation process as described above is performed.
- the encrypted data values as represented by E(Sj) at the appropriate left-shifted position are multiplied, for each of the encrypted payloads E[(S 1 ) . . . (Sn)].
- a product of the encrypted data values in each of the single payloads E[(S 1 ) . . . (Sn)], that is associated with a sum of the plaintext values, is generated.
- the one or more data values of the one of the encrypted payloads E[(S 1 ) . . . (Sn)] may be at a first position (i) in the vector, and may be multiplied by the one or more other data values in the one or more of the other encrypted payloads E[(R 1 ) . . .
- operations 630 and 635 may be performed.
- the client performs an encryption operation on the product by encrypting a random number r to generate an encrypted value of the random number r as E(r), which is multiplied by the product.
- a request is sent to the server to decrypt the blinded product.
- the server thus decrypts the blinded product, and returns the blinded sum to the client.
- the client receives the blinded sum and subtracts r to generate the plaintext sum.
- FIG. 7 illustrates a process 700 according to an example implementation associated with example server-side operations of the present inventive concept.
- a server receives f(X 1 ) . . . f(Xn) from, for example, a client, which are encrypted values of client IDs X 1 . . . Xn.
- the server performs an encryption of f(X 1 ) . . . f(Xn) to generate and send gf(X 1 ) . . . gf(Xn) to the client.
- the server generates and encrypts IDs Y 1 . . . Ym, and thus sends g(Y 1 ) . . . g(Ym) to the client.
- data values S 1 . . . Sn are placed in a single payload E[(S 1 ) . . . (Sn)] and an encryption operation is performed on the data values, to generate encrypted data values E(S 1 ) . . . E(Sn), which are spaced apart by guard bits as explained above.
- the encrypted data values E(S 1 ) . . . E(Sn) are positioned in the lower half of each of the payloads, such that the upper half of the payloads (e.g., most significant bits) is left empty.
- an operation may be performed at the server on the encrypted data values, wherein the encrypted data values E[(S 1 ) . . . (Sn)] represent a vector of one or more of the data values at a plurality of positions.
- at least one of the following operations may be performed: multiplying the encrypted payloads E[(S 1 ) . . . (Sn)] by an encryption of constant values, and multiplying the encrypted payloads E[(S 1 ) . . . (Sn)] to shift the positions, in the payload, of the data values that are associated with the vector.
- the server optionally receives a request to decrypt a blinded product for E(Sj).
- the server may receive the blinded request as explained above in FIG. 6 .
- the blinded product is decrypted and provided to the client.
- FIG. 8 illustrates a process 800 according to an example implementation associated with example client-side operations of the present inventive concept.
- the client encrypts IDs X 1 . . . Xn as f(X 1 ) . . . f(Xn), and sends the encrypted values to the server.
- the client receives server-encrypted values of the client IDs X 1 . . . Xn as gf(X 1 ) . . . gf(Xn) and encrypted IDs of the server IDs Y 1 . . . Ym as g(Y 1 ) . . . g(Ym).
- the client receives a plurality of packed payloads, each including E[(S 1 ) . . . (Sn)] as a single payload with upper half empty and lower occupied with the data values, as explained above with respect to FIG. 6 .
- operations are performed to determine an intersection based on matching between the IDs provided by the client and the server.
- the client encrypts g(Y 1 ) . . . g(Ym) to obtain fg(Y 1 ) . . . fg(Ym).
- the client checks for a match between fg(Yj) and the above-explained gf(Xi) at 820 . Based on operations 815 and 820 , an intersection is determined.
- a shifting operation is performed as explained above with respect to FIGS. 4 and 5 .
- the shifting and exponentiation process as described above is performed. Accordingly, the encrypted data values as represented by E(Sj) at the appropriate left-shifted position are multiplied. Thus, a product of the encrypted data values that is associated with a sum of the plaintext values is generated.
- the one or more data values of the one of the encrypted payloads E[(S 1 ) . . . (Sn)] may be at a first position (i) in the vector, and may be multiplied by the one or more other data values in the one or more of the other encrypted payloads E[(R 1 ) . . .
- operations 830 and 835 may be performed.
- the client performs an encryption operation on the product by encrypting a random number r to generate an encrypted value of the random number r as E(r), which is multiplied by the product.
- a request is sent to the server to decrypt the blinded product.
- the server thus decrypts the blinded product, and returns the blinded sum to the client.
- the client receives the blinded sum and subtracts r to generate the plaintext sum.
- the plurality of the elements in the payload may be a vector, as explained below.
- Ciphertexts of public key encryption may be large with respect to the plaintext data element, which is substantially shorter than the ciphertexts. Further, the sum of the plaintexts is substantially shorter than the size of a ciphertext. Accordingly, in this alternative example implementation, the encryption payload may represent a plurality or a positioned plurality (e.g., a vector) of element values, and may thus save significant space.
- multiplying the encrypted payload adds the payload element in the vector per-position, and may simplify the adding of a position i at a first vector encryption with position j element, where j is different from i, at a second vector encryption.
- the present example implementation provides a method that allows the homomorphic operation to be performed across the positions. Accordingly, the resulting encrypted vector will have at some position k the result (e.g., sum) of the elements in the original vector position i element of the first encrypted payload ciphertext and the position j element of the second encrypted vector payload.
- extended flexibility of homomorphic operation may be provided on elements that are encrypted in the same payload, so that regardless of positions, the operation can be performed on data elements under encryption (e.g., ciphertext payload) without the need to decrypt the payload and perform such operations on the plaintext elements.
- the example implementation always maintains the elements as encrypted, while allowing flexible operation on the elements (e.g., adding vector elements, regardless of their position inside the vector).
- FIG. 9 shows an example environment suitable for some example implementations.
- Environment 900 includes devices 905 - 945 , and each is communicatively connected to at least one other device via, for example, network 960 (e.g., by wired and/or wireless connections). Some devices may be communicatively connected to one or more storage devices 930 and 945 .
- Devices 905 - 945 may be computing device 1005 described below in FIGS. 10A and 10B .
- Devices 905 - 945 may include, but are not limited to, a computer 905 (e.g., a laptop computing device), a mobile device 910 (e.g., smartphone or tablet), a television 915 , a device associated with a vehicle 920 , a server computer 925 , computing devices 935 - 940 , storage devices 930 and 945 .
- devices 905 - 920 may be considered user devices (e.g., devices used by users to access services and/or issue requests, such as on a social network).
- Devices 925 - 945 may be devices associated with service providers (e.g., used by service providers to provide services and/or store data, such as webpages, text, text portions, images, image portions, audios, audio segments, videos, video segments, and/or information thereabout).
- a client may perform operations associated with the foregoing example implementations, such as FIG. 8 above, including the unpacking operations of the example implementation, using device 905 or 910 on a network supported by one or more devices 925 - 940 .
- a server may perform operations associated with the foregoing example implementations, such as FIG. 7 above, including the packing operations of the example implementation, using device 945 , via network 950 .
- FIGS. 10A-10B show example computing environments with example computing devices suitable for use in some example implementations.
- the common elements of FIGS. 10A and 10B are discussed together, for the sake of clarity and conciseness.
- Computing device 1005 in computing environment 1000 can include one or more processing units, cores, or processors 1010 , memory 1015 (e.g., RAM, ROM, and/or the like), internal storage 1020 (e.g., magnetic, optical, solid state storage, and/or organic), and/or I/O interface 1025 , any of which can be coupled on a communication mechanism or bus 1030 for communicating information or embedded in the computing device 1005 .
- Computing device 1005 can be communicatively coupled to input/user interface 1035 and output device/interface 1040 .
- Either one or both of input/user interface 1035 and output device/interface 1040 can be a wired or wireless interface and can be detachable.
- Input/user interface 1035 may include any device, component, sensor, or interface, physical or virtual, that can be used to provide input (e.g., buttons, touch-screen interface, keyboard, a pointing/cursor control, microphone, camera, braille, motion sensor, optical reader, and/or the like).
- Output device/interface 1040 may include a display, television, monitor, printer, speaker, braille, or the like.
- input/user interface 1035 and output device/interface 1040 can be embedded with or physically coupled to the computing device 1005 .
- other computing devices may function as or provide the functions of input/user interface 1035 and output device/interface 1040 for a computing device 1005 .
- Examples of computing device 1005 may include, but are not limited to, highly mobile devices (e.g., smartphones, devices in vehicles and other machines, devices carried by humans and animals, and the like), mobile devices (e.g., tablets, notebooks, laptops, personal computers, portable televisions, radios, and the like), and devices not designed for mobility (e.g., desktop computers, other computers, information kiosks, televisions with one or more processors embedded therein and/or coupled thereto, radios, and the like).
- Computing device 1005 can be communicatively coupled (e.g., via I/O interface 1025 ) to external storage 1045 and network 1050 for communicating with any number of networked components, devices, and systems, including one or more computing devices of the same or different configuration.
- Computing device 1005 or any connected computing device can be functioning as, providing services of, or referred to as a server, client, thin server, general machine, special-purpose machine, or another label.
- the I/O interface 1025 may include wireless communication components (not shown) that facilitate wireless communication over a voice and/or over a data network.
- the wireless communication components may include an antenna system with one or more antennae, a radio system, a baseband system, or any combination thereof.
- Radio frequency (RF) signals may be transmitted and received over the air by the antenna system under the management of the radio system.
- I/O interface 1025 can include, but is not limited to, wired and/or wireless interfaces using any communication or I/O protocols or standards (e.g., Ethernet, 802.11x, Universal System Bus, WiMax, modem, a cellular network protocol, and the like) for communicating information to and/or from at least all the connected components, devices, and network in computing environment 1000 .
- Network 1050 can be any network or combination of networks (e.g., the Internet, local area network, wide area network, a telephonic network, a cellular network, satellite network, and the like).
- Computing device 1005 can use and/or communicate using computer-usable or computer-readable media, including transitory media and non-transitory media.
- Transitory media include transmission media (e.g., metal cables, fiber optics), signals, carrier waves, and the like.
- Non-transitory media include magnetic media (e.g., disks and tapes), optical media (e.g., CD ROM, digital video disks, Blu-ray disks), solid state media (e.g., RAM, ROM, flash memory, solid-state storage), and other non-volatile storage or memory.
- Computing device 1005 can be used to implement techniques, methods, applications, processes, or computer-executable instructions in some example computing environments.
- Computer-executable instructions can be retrieved from transitory media, and stored on and retrieved from non-transitory media.
- The executable instructions can originate from one or more of any programming, scripting, and machine languages (e.g., C, C++, C#, Java, Visual Basic, Python, Perl, JavaScript, and others).
- Processor(s) 1010 can execute under any operating system (OS) (not shown), in a native or virtual environment.
- One or more applications can be deployed that include logic unit 1060, application programming interface (API) unit 1065, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, third party interface 1090, and inter-unit communication mechanism 1095 for the different units to communicate with each other, with the OS, and with other applications (not shown).
- Multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090 may implement one or more processes shown in FIGS. 6 and 8.
- The described units and elements can be varied in design, function, configuration, or implementation and are not limited to the descriptions provided.
- When information or an execution instruction is received by API unit 1065, it may be communicated to one or more other units (e.g., logic unit 1060, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090).
- The multiple value unpacking engine 1080 may perform the left shifting (e.g., unpacking) and multiplication as described above with respect to FIGS. 6 and 8.
- The cryptographic engine 1085 may encrypt IDs of the client, or other values as necessary to perform the operations explained above with respect to FIGS. 6 and 8.
- The third party interface 1090 may permit a third party, such as a user, operator or administrator, to interface with the computing environment.
- Input unit 1070 may use API unit 1065 to communicate the request to multiple value unpacking engine 1080.
- Multiple value unpacking engine 1080 may, via API unit 1065, interact with the cryptographic engine 1085 to detect and process the request.
- Multiple value unpacking engine 1080 may interact with third party interface 1090 to permit a third party to view or manage the operations at the client side.
- Logic unit 1060 may be configured to control the information flow among the units and direct the services provided by API unit 1065, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090 in some example implementations described above.
- The flow of one or more processes or implementations may be controlled by logic unit 1060 alone or in conjunction with API unit 1065.
- Processor(s) 1010 can execute under any operating system (OS) (not shown), in a native or virtual environment.
- One or more applications can be deployed that include logic unit 1060, application programming interface (API) unit 1065, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, third party interface 1092, and inter-unit communication mechanism 1095 for the different units to communicate with each other, with the OS, and with other applications (not shown).
- Multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092 may implement one or more processes shown in FIGS. 7 and 8.
- The described units and elements can be varied in design, function, configuration, or implementation and are not limited to the descriptions provided.
- When information or an execution instruction is received by API unit 1065, it may be communicated to one or more other units (e.g., logic unit 1060, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092).
- The multiple value packing engine 1082 may perform the generating of each of the single payloads and the encrypting of the data values in each of the single payloads (e.g., packing) as described above with respect to FIGS. 7 and 8.
- The server side encryption unit 1087 may encrypt IDs of the server, or other values as necessary to perform the operations explained above with respect to FIGS. 7 and 8.
- The third party interface 1092 may permit a third party, such as a user, operator or administrator, to interface with the computing environment from the server side.
- Input unit 1070 may use API unit 1065 to communicate the request to multiple value packing engine 1082.
- Multiple value packing engine 1082 may, via API unit 1065, interact with the server side encryption unit 1087 to detect and process the request.
- Multiple value packing engine 1082 may interact with third party interface 1092 to permit a third party to view or manage the operations at the server side.
- Logic unit 1060 may be configured to control the information flow among the units and direct the services provided by API unit 1065, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092 in some example implementations described above.
- The flow of one or more processes or implementations may be controlled by logic unit 1060 alone or in conjunction with API unit 1065.
- A component may be a stand-alone software package, or it may be a software package incorporated as a “tool” in a larger software product. It may be downloadable from a network, for example, a website, as a stand-alone product or as an add-in package for installation in an existing software application. It may also be available as a client-server software application, as a web-enabled software application, and/or as a mobile application.
- The users may be provided with an opportunity to control whether programs or features collect user information (e.g., information about a user's social network, social actions or activities, profession, a user's preferences, or a user's current location), or to control whether and/or how to receive content from the content server that may be more relevant to the user.
- Certain data may be treated in one or more ways before it is stored or used, so that personally identifiable information is removed.
Abstract
Description
- Field
- The subject matter discussed herein relates generally to data processing and, more particularly, to systems and methods for homomorphic encryption using a multiple value packing scheme.
- Related Background
- In the related art, a database, database as a service, or cloud database operation may be performed. More specifically, the database server may hold the data of the user (e.g., user transport data), and the user may perform an operation on the data (e.g., a query). The user may have data which is sensitive, which he or she does not want the server (e.g., cloud owner) to know.
- Homomorphic cryptography, such as Paillier cryptography, includes many properties. For example, given two values V1 and V2 (referred to as plaintexts), E(V1)=C1 (i.e., encrypting V1 results in the ciphertext C1) and E(V2)=C2. One of the properties of homomorphic cryptography is that the product of two ciphertexts C1 and C2 will decrypt to the sum of their corresponding plaintexts V1 and V2.
- With an increasing volume of data and number of transactions being handled on the server side, there is a need to reduce a number of bytes that must be transferred to implement homomorphic cryptography.
- The subject matter includes computer-implemented methods for performing homomorphic encryption to generate a summation, including, at a client, receiving a plurality of encrypted payloads, each of the encrypted payloads having a plurality of data values; and multiplying one or more of the data values of one of the encrypted payloads by one or more other data values in one or more of the other encrypted payloads, to generate a product that represents the summation of data values corresponding to the multiplied one or more data values of the one of the encrypted payloads and the one or more other data values in the one or more other of the encrypted payloads.
- The subject matter also includes a computer-implemented method of performing homomorphic encryption to generate a summation, including, at a server, generating a plurality of encrypted payloads, each having a plurality of data values, wherein the data values of each of the encrypted payloads are positioned at a lower half of each of the encrypted payloads, and an upper half of each of the encrypted payloads is empty.
- Further, the subject matter includes a computer-implemented method of performing homomorphic encryption to generate a summation, the method including at a server, generating a plurality of encrypted payloads, each having a plurality of data values; and at a client, receiving each of the encrypted payloads having the plurality of data values; and multiplying one or more of the data values of one of the encrypted payloads by one or more other data values in one or more of the other encrypted payloads, to generate a product that represents the summation of data values corresponding to the multiplied one or more data values of the encrypted payloads and the one or more of the other data values in the one or more other encrypted payloads.
- The methods are implemented using one or more computing devices and/or systems. The methods may be stored in computer-readable media.
- FIG. 1 shows a related art approach to packing.
- FIG. 2 shows a related art approach to unpacking.
- FIG. 3 shows an architecture for the packing tool and the unpacking tool according to an example implementation.
- FIG. 4 shows a packing process according to an example implementation.
- FIG. 5 shows an unpacking process according to an example implementation.
- FIG. 6 illustrates a system process associated with the example implementation.
- FIG. 7 illustrates a server process associated with the example implementation.
- FIG. 8 illustrates a client process associated with the example implementation.
- FIG. 9 shows an example environment suitable for some example implementations.
- FIGS. 10A and 10B show example computing environments with respective example computing devices suitable for use in some example implementations.
- The subject matter described herein is taught by way of example implementations. Various details have been omitted for the sake of clarity and to avoid obscuring the subject matter. The examples shown below are directed to structures and functions for implementing systems and methods associated with a multiple value packing scheme for homomorphic encryption.
- FIG. 1 illustrates a related art approach to homomorphic encryption 100, employing Paillier encryption (e.g., multiplication of ciphertext, addition of plaintext). A client 101 and a server 103 are provided. At 105, the client 101 performs an encryption of a plurality of IDs X1 . . . Xn . . . using commutative encryption with key f. The result of the encryption performed at 105 by the client 101 is sent to the server 103. For example, the commutative encryption may be exponentiation with a secret exponent modulo a large prime.
- At 107, the server 103 receives the encrypted IDs f(X1) . . . f(Xn) . . . from the client 101, and performs an encryption operation with key g, and sends g(X1) . . . g(Xn) to the client 101. Further, the server 103 encrypts server IDs Y1 . . . Ym with key g, and sends g(Y1) . . . g(Ym) to the client 101, along with the value (e.g., spend) Si, encrypted with Paillier homomorphic encryption E. The encrypted values of the numbers are provided to the client 101 as individual, separate payloads for each of the numbers (e.g., spend values).
- At 111, at the client 101, the server IDs g(X1) . . . g(Xn) are further encrypted with key f to generate fg(Y1) . . . fg(Ym). At 113, the client 101 performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj.
- At 115, for the intersections, the client 101 multiplies all of the values of E(Sj), which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj. The client 101 may request the server 103 to decrypt the product and return the sum. To avoid revealing the sum during the return process, the client 101 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- At 117, the server 103 Paillier decrypts and returns the result to the client 101. To obtain the clear sum, the client 101 subtracts random number r from the result sent by the server 103 to the client 101.
- FIG. 2 illustrates a related art approach 200 to operation 109 as explained above. For the sake of clarity, further explanation of the same reference numerals as discussed above with respect to FIG. 1 is omitted. More specifically, in operation 109, the server 103 sends an encrypted ID and the associated Paillier encrypted spend value (e.g., g(Yi) along with E(Si)).
- FIG. 3 illustrates an example architecture 300. A client side module 303 is provided that generates IDs of the client, and sends the encrypted IDs via the Internet 305, for example, to the server side module 307. The server side module 307 may encrypt data received from the client side module 303, such as the client-encrypted IDs. The server side module also controls the server packing tool 309.
- The server packing tool 309 includes a packing tool operator 311, which controls the server packing tool 309. For example, multiple data values may be packed into a single payload at the command of the packing tool operator 311, such that the server packing tool 309 provides a plurality of such encrypted payloads to the server side module 307. The server side module 307 provides the encrypted payloads to the client side module 303. Further details of the encrypted payloads are discussed below with respect to FIG. 4.
- The client unpacking tool 301 receives the encrypted single payloads. More specifically, an unpacking tool operator 313 performs a series of left-shifting operations on each of the single payloads from the client side module 303, which were in turn received from the server side module 307. The left-shifting operations use exponentiation to shift the values within the single payloads, such that the desired value is in a prescribed position. When the left-shifting operation has been completed, a product of the encrypted data values is obtained at the client unpacking tool 301, which is associated with a sum of the plaintext values. Optionally, the client side module 303 may blind the product, and request the server side module 307 to decrypt and return a blinded sum to the client side module, which unblinds the blinded sum to obtain the plaintext sum that represents the value (e.g., spend value).
- FIG. 4 shows an example of a process implementation associated with a packing operation according to the example implementation. As shown in FIG. 4, a client 401 is provided to communicate with a server 403. At the client 401, as noted above in element 105 with respect to FIGS. 1 and 2, the client 101 performs an encryption of a plurality of IDs X1 . . . Xn . . . using commutative encryption with key f. The result of the encryption performed at 105 by the client 101 is sent to the server 103. For example, but not by way of limitation, the commutative encryption may be exponentiation with a secret exponent modulo a large prime.
- At the server 403, in 407, the server 403 receives the encrypted IDs f(X1) . . . f(Xn) . . . from the client 401, and performs an encryption operation with key g, and optionally sends g(X1) . . . g(Xn) to the client 401. Further, at 409, the server 403 sends to the client 401 the value (e.g., spend) Si, encrypted with Paillier homomorphic encryption E. Optionally, the server 403 encrypts server IDs Y1 . . . Ym with key g, and sends g(Y1) . . . g(Ym) to the client 401.
- According to the example implementation, at 409, the server 403 includes (e.g., packs) multiple values (e.g., four spend values S1 . . . S4) into a single Paillier payload, which are then encrypted and sent to the client 401. Within each of the plurality of single payloads, each of the values is separated from other values by a 32-bit guard. In other words, 32 bits of space is provided between S1 and S2, for example. The purpose of the spacing is to allow carryover to not intrude onto neighboring numbers. Thus, for example, but not by way of limitation, 128 bits may be used to represent each number, assuming that the numbers are 64-bit integers (e.g., int64) having 96 bits of representation, and 32 bits of zeroes as a guard or separator between neighboring numbers. As a result, up to 2^32 possible values may be used without a carryover problem.
- While int64 is used in the example implementation, the present inventive concept is not limited thereto, and other sizes of integer, payload and spacing may be used as would be understood by those skilled in the art, without departing from the scope of the inventive concept. For example, but not by way of limitation, these values may be determined based on the application.
- Further, the values only cover the lower half of each of the encrypted payloads. The most significant (e.g., upper) half is kept empty. As explained below with respect to FIG. 5, the upper half may be employed during the unpacking operation for a shifting process.
- Accordingly, multiple spend values are packed into each of the single payloads by the server 403, and are encrypted and sent to the client 401. Accordingly, the number of bytes that need to be transferred may be reduced by 1/N, where N is the number of values on each of the single payloads. In the present example, the number of bytes that need to be transferred would be reduced by ¼ (i.e., one-fourth).
- At 411, at the client 401, the server IDs g(X1) . . . g(Xn) are further encrypted with key f to generate fg(Y1) . . . fg(Ym). At 413, the client 401 performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj. As explained in greater detail below with respect to FIG. 5, an unpacking operation is performed that involves a shifting operation.
- At 415, for the intersections, the client 401 multiplies all of the values of E(Sj), which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj. The client 401 may request the server 403 to decrypt the product and return the sum. To avoid revealing the sum during the return process, the client 401 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- At 417, the server 403 Paillier decrypts and returns the result to the client 401. To obtain the clear sum, the client 401 subtracts random number r from the result sent by the server 403 to the client 401.
- FIG. 5 illustrates an unpacking operation according to an example implementation. As shown in FIG. 5, server 503 provides the payload 505 to the client 501. The payload 505 is discussed above with respect to FIG. 4, and further details are omitted for the sake of clarity.
- In the example implementation of FIG. 5, the client 501 needs to multiply the encrypted values of E(S3), E(S1), E(S8) and E(S6). Accordingly, these encrypted values must be positioned at a prescribed position in the payload. For example, the encrypted values of E(S3), E(S1), E(S8) and E(S6) are positioned in the fourth position 507 in FIG. 5. Accordingly, the encrypted values in all other positions will be ignored.
- Accordingly, the encrypted values of E(S3), E(S1), E(S8) and E(S6) must be shifted to the fourth position 507 to perform the multiplication of these encrypted values. To accomplish the shifting, the Paillier-encrypted ciphertext is exponentiated by 2, which moves the corresponding plaintext value one bit to the left.
- For example, to move E(S3) to the fourth position, and shift the plaintext S3 by 128 bits, it is necessary to exponentiate the ciphertext by 128×1 value. In the second payload, to shift E(S1) three positions to the left, thus placing E(S1) in the fourth position on the payload, the ciphertext is exponentiated to 128×3, to shift it to the left by 3 positions. With respect to E(S8), this is already in the fourth position and does not need to be shifted. Next, with respect to E(S6), this is in the second position and needs to be moved to the fourth position, and thus needs to be exponentiated with 128×2, in order to shift to the fourth position in the plaintext.
- Accordingly, the ciphertext product of the encrypted data values that is produced represents a sum of the plaintext associated with a sum of the data values of the ciphertext. As a result, in the foregoing example implementation, the shifted ciphertext is multiplied to produce a ciphertext, for which the underlying plaintext is the sum of S3+S1+S8+S6.
- At the client 501, the server IDs g(X1) . . . g(Xn) are further encrypted with key f to generate fg(Y1) . . . fg(Ym). The client 501 thus performs a checking operation to determine if there is a match or intersection between gf(Xi) and fg(Yj). Such a match or intersection would indicate that Xi equals Yj.
- For the intersections, the client 501 multiplies all of the values of E(Sj) associated with each of the plurality of single payloads, which are the encrypted values of Sj, to generate a product, which will be the same as the encryption of the sum of the clear values of Sj. The client 501 may request the server 503 to decrypt the product and return the sum. To avoid revealing the sum during the return process, the client 501 may perform a blinding operation, i.e., multiply the product by E(r), to return a random number r.
- The server 503 then Paillier decrypts and returns the result to the client 501. To obtain the clear sum, the client 501 subtracts random number r from the result sent by the server 503 to the client 501.
- In the foregoing example implementation, when the client 501 receives the decryption from the server 503, the client 501 may ignore numbers in the position other than the prescribed position 507. Thus, the client 501 only needs to extract the value of the prescribed position (e.g., fourth position in element 507 of FIG. 5). Further, because of the 32 guard bits adjacent to each encrypted data value, adding to the neighboring encrypted data values does not carry over into other positions.
- While the foregoing example implementations refer to packing with 64 bit integers, other values may be substituted therefor. For example but not by way of limitation, ten (10) numbers could be packed into each of the encrypted payloads, which would reduce the bandwidth needed by 1/10. Such an approach may be adopted, for example, when the largest value is not greater than 1,000,000 (e.g., a spend value not greater than one million dollars).
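The packing, shifting, multiplying and blinding steps described above, carried through end to end as an added example (not code from the patent). It assumes a toy Paillier key built from two publicly known Mersenne primes, g = n + 1, constructed spend values and illustrative function names. Squaring a ciphertext doubles its plaintext, so moving a value k slots to the left means raising the ciphertext to 2^(128·k).

```python
import secrets

# Demo-only key (assumption): two known Mersenne primes, so this key protects nothing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                      # 1128-bit modulus, larger than the 1024-bit payload
N2 = N * N
PHI = (P - 1) * (Q - 1)        # private key material, held by the server
MU = pow(PHI, -1, N)           # exists because gcd(PHI, N) == 1 for this key

SLOT_BITS = 128                # 96 value bits + 32 guard bits, as in the text
SLOTS = 4                      # four values fill the lower 512 bits
TARGET = SLOTS                 # prescribed position: the fourth slot
VALUE_LIMIT = 2**96


def encrypt(m):
    """Paillier encryption with g = N + 1: (1 + m*N) * r^N mod N^2."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Server-side decryption; requires PHI."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def pack(values):
    """Put values in slots 1..4 (slot 1 = least significant); the upper half stays zero."""
    if len(values) != SLOTS or any(not 0 <= v < VALUE_LIMIT for v in values):
        raise ValueError("need exactly four values below 2**96")
    return sum(v << (SLOT_BITS * i) for i, v in enumerate(values))


def shift_to_target(cipher, position):
    """Move the value at `position` (1-based) into the target slot, under encryption.

    The values that sat above it move into the empty upper half instead of
    wrapping around the modulus.
    """
    if not 1 <= position <= TARGET:
        raise ValueError("position out of range")
    return pow(cipher, 1 << (SLOT_BITS * (TARGET - position)), N2)


def client_combine(ciphers, positions):
    """Multiply the shifted ciphertexts, then blind with E(r). Returns (blinded, r)."""
    product = 1
    for cipher, position in zip(ciphers, positions):
        product = product * shift_to_target(cipher, position) % N2
    r = secrets.randbelow(N)   # blinds every slot, not only the target one
    return product * encrypt(r) % N2, r


def client_unblind(blinded_plain, r):
    """Subtract r, then read only the target slot and ignore all other positions."""
    total = (blinded_plain - r) % N
    return (total >> (SLOT_BITS * (TARGET - 1))) & ((1 << SLOT_BITS) - 1)


def demo():
    # Constructed sample data: four payloads of four spend values each.
    payloads = [[11, 22, 33, 44], [1_000_000, 5, 6, 7],
                [8, 9, 10, 2**40], [12, 250, 14, 15]]
    positions = [3, 1, 4, 2]                           # slot of the matched value
    ciphers = [encrypt(pack(p)) for p in payloads]     # server: pack and encrypt
    blinded, r = client_combine(ciphers, positions)    # client: shift, multiply, blind
    blinded_plain = decrypt(blinded)                   # server: decrypt blinded product
    return client_unblind(blinded_plain, r), payloads, positions


if __name__ == "__main__":
    print(demo()[0])
```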
- As an alternative to the foregoing example implementation, a Damgard version of Paillier encryption may be employed. For example, but not by way of limitation, ciphertexts that are (s+1)/s times larger than the payload may be employed. In the case of direct Paillier encryption, s has a value of 1, and there is an expansion of (1+1)/1=2. On the other hand, if s having a value of 3 is used, then a (3+1)/3=4/3 expansion would result. Thus, a 4096 bit (e.g., 512 byte) ciphertext and a 3072 bit payload results, such that 30 numbers can be fit into the payload. Accordingly, each encryption has a greater associated cost, but fewer encryptions are required, due to the larger numbers.
- FIGS. 6-8 illustrate example processes associated with the foregoing example implementation. In some examples, processes 600-800 may be implemented with different, fewer, or more blocks. Processes 600-800 may be implemented as computer executable instructions, which can be stored on a medium, loaded onto one or more processors of one or more computing devices, and executed as a computer-implemented method.
- FIG. 6 illustrates an example process 600 according to one or more of the foregoing example implementations. At 605, a client encrypts a plurality of values X1 . . . Xn. For example, but not by way of limitation, the values X1 . . . Xn may be encrypted using a Paillier encryption scheme. The corresponding encrypted values f(X1) . . . f(Xn) are then provided to a server.
- At 610, a server receives the encrypted values f(X1) . . . f(Xn) and performs an encryption operation on these values. The resulting values encrypted by the server (e.g., Paillier encryption) are provided to the client as gf(X1) . . . gf(Xn). Also at 610, the server encrypts (e.g., Paillier encryption) and sends g(Y1) . . . g(Ym) to the client. Further, at 610, a plurality of single payloads E[(S1) . . . (Sn)], each including a plurality of the values (e.g., spend values), are generated. The single payloads E[(S1) . . . (Sn)] each maintain the most significant bits (e.g., upper half) as empty, and provide the encrypted data values in the lower half. As explained above, the encrypted data values are spaced apart by guard bits in each of the payloads E[(S1) . . . (Sn)].
- As explained below in greater detail, optionally, at 610 an operation may be performed at the server on the encrypted data values, wherein the encrypted data values E[(S1) . . . (Sn)] represent a vector of one or more of the data values at a plurality of positions. According to the operation, at least one of multiplying the encrypted payloads E[(S1) . . . (Sn)] by an encryption of constant values, and multiplying the encrypted payloads E[(S1) . . . (Sn)] to shift the positions of the data values that are associated with the vector, in the payload, may be performed.
- At 615 and 620 operations are performed to determine an intersection based on matching between the IDs provided by the client and the server. At 615, the client encrypts g(Y1) . . . g(Ym) to obtain fg(Y1) . . . fg(Ym). Then, the client checks for a match between fg(Yj) and the above-explained gf(Xi) at 620. Based on operations
- At 625, a shifting operation is performed as explained above with respect to FIGS. 4 and 5. For example, but not by way of limitation, for the values of E(Sj) with respect to the above-derived intersection, the shifting and exponentiation process as described above is performed. Accordingly, the encrypted data values as represented by E(Sj) at the appropriate left-shifted position are multiplied, for each of the encrypted payloads E[(S1) . . . (Sn)]. Thus, a product of the encrypted data values in each of the single payloads E[(S1) . . . (Sn)], that is associated with a sum of the plaintext values, is generated.
- Optionally, as a part of the multiplying operation of 625 at the client, and as noted above, the one or more data values of the one of the encrypted payloads E[(S1) . . . (Sn)] may be at a first position (i) in the vector, and may be multiplied by the one or more other data values in the one or more of the other encrypted payloads E[(R1) . . . (Rn)] that may be at a second position (j) in the second vector, to generate the above-noted product that represents the summation of the data values corresponding to the multiplied one or more data values of the one of the encrypted payloads being the encrypted value of (Si+Rj) in the resulted encrypted vector E[(U1) . . . (Un)]. Namely, a third position (k) is such that Uk=Si+Rj in the resulting encrypted vector.
- Optionally, operations operation 630, the client performs an encryption operation on the product by encrypting a random number r to generate an encrypted value of the random number r as E(r), which is multiplied by the product. A request is sent to the server to decrypt the blinded product. The server thus decrypts the blinded product, and returns the blinded sum to the client. At operation 635, the client receives the blind sum and subtracts r to generate the plaintext sum.
- FIG. 7 illustrates a process 700 according to an example implementation associated with example server-side operations of the present inventive concept. Some aspects previously explained above with respect to FIG. 6 are not repeated herein, for the sake of clarity and conciseness.
- Optionally, at operation 705, a server receives f(X1) . . . f(Xn) from, for example, a client, which are encrypted values of client IDs X1 . . . Xn. The server performs an encryption of f(X1) . . . f(Xn) to generate and send gf(X1) . . . gf(Xn) to the client. Further, the server generates and encrypts IDs Y1 . . . Ym, and thus sends g(Y1) . . . g(Ym) to the client.
- At operation 710, data values S1 . . . Sn are placed in a single payload E[(S1) . . . (Sn)] and an encryption operation is performed on the data values, to generate encrypted data values E(S1) . . . E(Sn), which are spaced apart by guard bits as explained above. As also explained above, the encrypted data values E(S1) . . . E(Sn) are positioned in the lower half of each of the payloads, such that the upper half of the payloads (e.g., most significant bits) is left empty.
- As explained below in greater detail, optionally, at 710 an operation may be performed at the server on the encrypted data values, wherein the encrypted data values E[(S1) . . . (Sn)] represent a vector of one or more of the data values at a plurality of positions. According to the operation, at least one of multiplying the encrypted payloads E[(S1) . . . (Sn)] by an encryption of constant values, and multiplying the encrypted payloads E[(S1) . . . (Sn)] to shift the positions of the data values that are associated with the vector, in the payload, may be performed.
- At operation 715, the server optionally receives a request to decrypt a blinded product for E(Sj). For example, the server may receive the blinded request as explained above in FIG. 6. At operation 720, the blinded product is decrypted and provided to the client.
- FIG. 8 illustrates a process 800 according to an example implementation associated with example client-side operations of the present inventive concept. Some aspects previously explained above with respect to FIG. 6 are not repeated herein, for the sake of clarity and conciseness.
- At 805, the client encrypts IDs X1 . . . Xn as f(X1) . . . f(Xn), and sends the encrypted values to the server. At 810, the client receives server-encrypted values of the client IDs X1 . . . Xn as gf(X1) . . . gf(Xn) and encrypted IDs of the server IDs Y1 . . . Ym as g(Y1) . . . g(Ym). Further, the client receives a plurality of packed payloads, each including E[(S1) . . . (Sn)] as a single payload with upper half empty and lower occupied with the data values, as explained above with respect to FIG. 6.
- At 815 and 820 operations are performed to determine an intersection based on matching between the IDs provided by the client and the server. At 815, the client encrypts g(Y1) . . . g(Ym) to obtain fg(Y1) . . . fg(Ym). Then, the client checks for a match between fg(Yj) and the above-explained gf(Xi) at 820. Based on operations
- At 825, a shifting operation is performed as explained above with respect to FIGS. 4 and 5. For example, but not by way of limitation, for the values of E(Sj) for the plurality of single payloads E[(S1) . . . (Sn)], with respect to the above-derived intersection, the shifting and exponentiation process as described above is performed. Accordingly, the encrypted data values as represented by E(Sj) at the appropriate left-shifted position are multiplied. Thus, a product of the encrypted data values that is associated with a sum of the plaintext values is generated.
- Optionally, as a part of the multiplying operation of 825 at the client, and as noted above, the one or more data values of the one of the encrypted payloads E[(S1) . . . (Sn)] may be at a first position (i) in the vector, and may be multiplied by the one or more other data values in the one or more of the other encrypted payloads E[(R1) . . . (Rn)] that may be at a second position (j) in the second vector, to generate the above-noted product that represents the summation of the data values corresponding to the multiplied one or more data values of the one of the encrypted payloads being the encrypted value of (Si+Rj) in the resulted encrypted vector E[(U1) . . . (Un)]. Namely, a third position (k) is such that Uk=Si+Rj in the resulting encrypted vector.
- Optionally,
operations operation 830, the client performs an encryption operation on the product by encrypting a random number r to generate an encrypted value of the random number r as E(r), which is multiplied by the product. A request is sent to the server to decrypt the blinded product. The server thus decrypts the blinded product, and returns the blinded sum to the client. Atoperation 835, the client receives the blind sum and subtracts r to generate the plaintext sum. - In addition to the foregoing example implementation, other example implementations may be provided. For example, but not by way of limitation, the plurality of the elements in the payload may be a vector, as explained below.
- Ciphertexts of public key encryption may be large with respect to the plaintext data element, which is substantially shorter than the ciphertexts. Further, the sum of the plaintexts is substantially shorter than the size of a ciphertext. Accordingly, in this alternative example implementation, the encryption payload may represent a plurality or a positioned plurality (e.g., a vector) of element values, and may thus save significant space.
- According to this alternative example implementation, multiplying the encrypted payloads adds the payload elements in the vectors per position, and may simplify adding the element at position i of a first encrypted vector to the element at position j of a second encrypted vector, where j is different from i.
- Thus, the present example implementation provides a method that allows the homomorphic operation to be performed across the positions. Accordingly, the resulting encrypted vector will have at some position k the result (e.g., sum) of the position i element of the first encrypted vector payload and the position j element of the second encrypted vector payload.
- Accordingly, extended flexibility of homomorphic operation may be provided on elements that are encrypted in the same payload, so that regardless of positions, the operation can be performed on data elements under encryption (e.g., ciphertext payload) without the need to decrypt the payload and perform such operations on the plaintext elements. The example implementation always maintains the elements as encrypted, while allowing flexible operation on the elements (e.g., adding vector elements, regardless of their position inside the vector).
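The client-side steps 825 to 835 and the cross-position addition described above, as an added example that is not code from the patent. A toy Paillier scheme stands in for the additively homomorphic encryption E; the key (two Mersenne primes, far too small for real use), the slot widths, the target slot and every function name are assumptions made for illustration, and the intersection from 815 and 820 is taken as given in `selected`.

```python
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes, so n is about 2^196.
# Illustration only; a real deployment needs a properly generated large modulus.
P, Q = 2**89 - 1, 2**107 - 1
N, N2, PHI = P * Q, (P * Q) ** 2, (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)          # private: inverse of phi(n) modulo n

K = 4            # data values per payload; the payload has 2*K slots
SLOT_BITS = 20   # width of one slot
VALUE_BITS = 16  # widest allowed value, leaving 4 bits of carry headroom
TARGET = K - 1   # assumed common slot where selected values are aligned


def encrypt(m):
    """Paillier encryption with g = n + 1 (public-key operation)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Paillier decryption (server side only: needs PHI and MU)."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def pack(values):
    """Server: K values fill the lower slots, the upper K slots stay empty."""
    assert len(values) == K and all(0 <= v < 2**VALUE_BITS for v in values)
    return sum(v << (SLOT_BITS * i) for i, v in enumerate(values))


def shift_left(cipher, slots):
    """Client: E(m)^(2^bits) = E(m * 2^bits), a left shift under encryption."""
    return pow(cipher, 1 << (SLOT_BITS * slots), N2)


def client_product(payloads, selected):
    """Step 825: align each selected (payload, slot) at TARGET and multiply."""
    assert len(selected) <= 2 ** (SLOT_BITS - VALUE_BITS)  # no slot overflow
    product = encrypt(0)
    for idx, slot in selected:
        product = product * shift_left(payloads[idx], TARGET - slot) % N2
    return product


def blind(product):
    """Step 830: multiply by E(r); the server will only see sum + r mod n."""
    r = secrets.randbelow(N)
    return product * encrypt(r) % N2, r


def unblind(blinded_plain, r):
    """Step 835: subtract r, then read the TARGET slot of the result."""
    plain = (blinded_plain - r) % N
    return (plain >> (SLOT_BITS * TARGET)) & ((1 << SLOT_BITS) - 1)


def run_protocol(server_vectors, selected):
    payloads = [encrypt(pack(v)) for v in server_vectors]    # server -> client
    blinded, r = blind(client_product(payloads, selected))   # client -> server
    return unblind(decrypt(blinded), r)                      # server -> client


if __name__ == "__main__":
    vectors = [[10, 20, 30, 40], [1, 2, 3, 4], [100, 200, 300, 400]]  # constructed
    # Position 1 of payload 0, position 3 of payload 1, position 0 of payload 2.
    print(run_protocol(vectors, [(0, 1), (1, 3), (2, 0)]))
```

Only the `TARGET` slot of the unblinded plaintext is meaningful; the neighbouring slots hold sums of whatever values the shifts happened to move there.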
- FIG. 9 shows an example environment suitable for some example implementations. Environment 900 includes devices 905-945, and each is communicatively connected to at least one other device via, for example, network 960 (e.g., by wired and/or wireless connections). Some devices may be communicatively connected to one or more storage devices
- An example of one or more devices 905-945 may be computing device 1005 described below in FIGS. 10A and 10B. Devices 905-945 may include, but are not limited to, a computer 905 (e.g., a laptop computing device), a mobile device 910 (e.g., smartphone or tablet), a television 915, a device associated with a vehicle 920, a server computer 925, computing devices 935-940, storage devices
- In some implementations, devices 905-920 may be considered user devices (e.g., devices used by users to access services and/or issue requests, such as on a social network). Devices 925-945 may be devices associated with service providers (e.g., used by service providers to provide services and/or store data, such as webpages, text, text portions, images, image portions, audios, audio segments, videos, video segments, and/or information thereabout).
- For example, a client may perform operations associated with the foregoing example implementations, such as FIG. 8 above, including the unpacking operations of the example implementation, using device device 945, via network 950.
- FIGS. 10A-10B show example computing environments with an example computing device suitable for use in some example implementations. The common elements of FIGS. 10A and 10B are discussed together, for the sake of clarity and conciseness.
- Computing device 1005 in computing environment 1000 can include one or more processing units, cores, or processors 1010, memory 1015 (e.g., RAM, ROM, and/or the like), internal storage 1020 (e.g., magnetic, optical, solid state storage, and/or organic), and/or I/O interface 1025, any of which can be coupled on a communication mechanism or bus 1030 for communicating information or embedded in the computing device 1005.
- Computing device 1005 can be communicatively coupled to input/user interface 1035 and output device/interface 1040. Either one or both of input/user interface 1035 and output device/interface 1040 can be a wired or wireless interface and can be detachable. Input/user interface 1035 may include any device, component, sensor, or interface, physical or virtual, that can be used to provide input (e.g., buttons, touch-screen interface, keyboard, a pointing/cursor control, microphone, camera, braille, motion sensor, optical reader, and/or the like). Output device/interface 1040 may include a display, television, monitor, printer, speaker, braille, or the like. In some example implementations, input/user interface 1035 and output device/interface 1040 can be embedded with or physically coupled to the computing device 1005. In other example implementations, other computing devices may function as or provide the functions of input/user interface 1035 and output device/interface 1040 for a computing device 1005.
- Examples of computing device 1005 may include, but are not limited to, highly mobile devices (e.g., smartphones, devices in vehicles and other machines, devices carried by humans and animals, and the like), mobile devices (e.g., tablets, notebooks, laptops, personal computers, portable televisions, radios, and the like), and devices not designed for mobility (e.g., desktop computers, other computers, information kiosks, televisions with one or more processors embedded therein and/or coupled thereto, radios, and the like).
- Computing device 1005 can be communicatively coupled (e.g., via I/O interface 1025) to external storage 1045 and network 1050 for communicating with any number of networked components, devices, and systems, including one or more computing devices of the same or different configuration. Computing device 1005 or any connected computing device can be functioning as, providing services of, or referred to as a server, client, thin server, general machine, special-purpose machine, or another label.
- The I/O interface 1025 may include wireless communication components (not shown) that facilitate wireless communication over a voice and/or over a data network. The wireless communication components may include an antenna system with one or more antennae, a radio system, a baseband system, or any combination thereof. Radio frequency (RF) signals may be transmitted and received over the air by the antenna system under the management of the radio system.
- I/O interface 1025 can include, but is not limited to, wired and/or wireless interfaces using any communication or I/O protocols or standards (e.g., Ethernet, 802.11x, Universal System Bus, WiMax, modem, a cellular network protocol, and the like) for communicating information to and/or from at least all the connected components, devices, and network in computing environment 1000. Network 1050 can be any network or combination of networks (e.g., the Internet, local area network, wide area network, a telephonic network, a cellular network, satellite network, and the like).
- Computing device 1005 can use and/or communicate using computer-usable or computer-readable media, including transitory media and non-transitory media. Transitory media include transmission media (e.g., metal cables, fiber optics), signals, carrier waves, and the like. Non-transitory media include magnetic media (e.g., disks and tapes), optical media (e.g., CD ROM, digital video disks, Blu-ray disks), solid state media (e.g., RAM, ROM, flash memory, solid-state storage), and other non-volatile storage or memory.
- Computing device 1005 can be used to implement techniques, methods, applications, processes, or computer-executable instructions in some example computing environments. Computer-executable instructions can be retrieved from transitory media, and stored on and retrieved from non-transitory media. The executable instructions can originate from one or more of any programming, scripting, and machine languages (e.g., C, C++, C#, Java, Visual Basic, Python, Perl, JavaScript, and others).
- As shown in FIG. 10A, processor(s) 1010 can execute under any operating system (OS) (not shown), in a native or virtual environment. One or more applications can be deployed that include logic unit 1060, application programming interface (API) unit 1065, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, third party interface 1090, and inter-unit communication mechanism 1095 for the different units to communicate with each other, with the OS, and with other applications (not shown). For example, multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090 may implement one or more processes shown in FIGS. 6 and 8. The described units and elements can be varied in design, function, configuration, or implementation and are not limited to the descriptions provided.
- In some example implementations, when information or an execution instruction is received by API unit 1065, it may be communicated to one or more other units (e.g., logic unit 1060, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090). For example, the multiple value unpacking engine 1080 may perform the left shifting (e.g., unpacking) and multiplication as described above with respect to FIGS. 6 and 8. The cryptographic engine 1085 may encrypt IDs of the client, or other values as necessary to perform the operations explained above with respect to FIGS. 6 and 8. The third party interface 1090 may permit a third party, such as a user, operator or administrator, to interface with the computing environment. After input unit 1070 has detected a request, input unit 1070 may use API unit 1065 to communicate the request to multiple value unpacking engine 1080. Multiple value unpacking engine 1080 may, via API unit 1065, interact with the cryptographic engine 1085 to detect and process the request. Using API unit 1065, multiple value unpacking engine 1080 may interact with third party interface 1090 to permit a third party to view or manage the operations at the client side.
- In some instances, logic unit 1060 may be configured to control the information flow among the units and direct the services provided by API unit 1065, input unit 1070, output unit 1075, multiple value unpacking engine 1080, cryptographic engine 1085, and third party interface 1090 in some example implementations described above. For example, the flow of one or more processes or implementations may be controlled by logic unit 1060 alone or in conjunction with API unit 1065.
- As shown in FIG. 10B, processor(s) 1010 can execute under any operating system (OS) (not shown), in a native or virtual environment. One or more applications can be deployed that include logic unit 1060, application programming interface (API) unit 1065, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, third party interface 1092, and inter-unit communication mechanism 1095 for the different units to communicate with each other, with the OS, and with other applications (not shown). For example, multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092 may implement one or more processes shown in FIGS. 7 and 8. The described units and elements can be varied in design, function, configuration, or implementation and are not limited to the descriptions provided.
- In some example implementations, when information or an execution instruction is received by API unit 1065, it may be communicated to one or more other units (e.g., logic unit 1060, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092). For example, the multiple value packing engine 1082 may perform the generating of each of the single payloads and the encrypting of the data values in each of the single payloads (e.g., packing) as described above with respect to FIGS. 7 and 8. The server side encryption unit 1087 may encrypt IDs of the server, or other values as necessary to perform the operations explained above with respect to FIGS. 7 and 8. The third party interface 1092 may permit a third party, such as a user, operator or administrator, to interface with the computing environment from the server side. After input unit 1070 has detected a request, input unit 1070 may use API unit 1065 to communicate the request to multiple value packing engine 1082. Multiple value packing engine 1082 may, via API unit 1065, interact with the server side encryption unit 1087 to detect and process the request. Using API unit 1065, multiple value packing engine 1082 may interact with third party interface 1092 to permit a third party to view or manage the operations at the server side.
- In some instances, logic unit 1060 may be configured to control the information flow among the units and direct the services provided by API unit 1065, input unit 1070, output unit 1075, multiple value packing engine 1082, server side encryption unit 1087, and third party interface 1092 in some example implementations described above. For example, the flow of one or more processes or implementations may be controlled by logic unit 1060 alone or in conjunction with API unit 1065.
- Any of the software components described herein may take a variety of forms. For example, a component may be a stand-alone software package, or it may be a software package incorporated as a “tool” in a larger software product. It may be downloadable from a network, for example, a website, as a stand-alone product or as an add-in package for installation in an existing software application. It may also be available as a client-server software application, as a web-enabled software application, and/or as a mobile application.
- In situations or examples in which the implementations discussed herein collect personal information about users, or may make use of personal information, the users may be provided with an opportunity to control whether programs or features collect user information (e.g., information about a user's social network, social actions or activities, profession, a user's preferences, or a user's current location), or to control whether and/or how to receive content from the content server that may be more relevant to the user. In addition, certain data may be treated in one or more ways before it is stored or used, so that personally identifiable information is removed.
- Although a few example implementations have been shown and described, these example implementations are provided to convey the subject matter described herein to people who are familiar with this field. It should be understood that the subject matter described herein may be implemented in various forms without being limited to the described example implementations. The subject matter described herein can be practiced without those specifically defined or described matters or with other or different elements or matters not described. It will be appreciated by those familiar with this field that changes may be made in these example implementations without departing from the subject matter described herein as defined in the appended claims and their equivalents.
Claims (22)
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/590,479 US9641318B2 (en) | 2015-01-06 | 2015-01-06 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
CN201910247605.3A CN109905227B (en) | 2015-01-06 | 2015-11-10 | System and method for multi-value packing scheme for homomorphic encryption |
GB201806390A GB2558834B (en) | 2015-01-06 | 2015-11-10 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
PCT/US2015/059874 WO2016111745A1 (en) | 2015-01-06 | 2015-11-10 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
CN201580072625.1A CN107113162B (en) | 2015-01-06 | 2015-11-10 | The system and method for multivalue packing scheme for homomorphic cryptography |
GB1712423.1A GB2549237B (en) | 2015-01-06 | 2015-11-10 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
DE112015005893.1T DE112015005893B4 (en) | 2015-01-06 | 2015-11-10 | Systems and Methods for a Multi-Value Packing Scheme for Homomorphic Encryption |
US15/381,449 US9847871B2 (en) | 2015-01-06 | 2016-12-16 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/590,479 US9641318B2 (en) | 2015-01-06 | 2015-01-06 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/381,449 Continuation US9847871B2 (en) | 2015-01-06 | 2016-12-16 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
US20160359617A1 (en) | 2016-12-08 |
US9641318B2 (en) | 2017-05-02 |
Family
ID=54705823
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/590,479 Active 2035-11-08 US9641318B2 (en) | 2015-01-06 | 2015-01-06 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
US15/381,449 Active US9847871B2 (en) | 2015-01-06 | 2016-12-16 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
Family Applications After (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/381,449 Active US9847871B2 (en) | 2015-01-06 | 2016-12-16 | Systems and methods for a multiple value packing scheme for homomorphic encryption |
Country Status (5)
Country | Link |
---|---|
US (2) | US9641318B2 (en) |
CN (2) | CN109905227B (en) |
DE (1) | DE112015005893B4 (en) |
GB (2) | GB2558834B (en) |
WO (1) | WO2016111745A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170103394A1 (en) * | 2015-10-13 | 2017-04-13 | Grant Colhoun | Systems and methods for facilitating secure electronic transactions |
US10681035B1 (en) * | 2016-04-22 | 2020-06-09 | Walgreen Co | Cryptographic services engine |
US10749666B2 (en) | 2017-10-31 | 2020-08-18 | Alibaba Group Holding Limited | Data statistics method and apparatus |
US11356241B2 (en) | 2020-04-15 | 2022-06-07 | Sap Se | Verifiable secret shuffle protocol for encrypted data based on homomorphic encryption and secret sharing |
US11368281B2 (en) * | 2020-04-15 | 2022-06-21 | Sap Se | Efficient distributed secret shuffle protocol for encrypted database entries using dependent shufflers |
US11368296B2 (en) * | 2020-04-15 | 2022-06-21 | Sap Se | Communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer |
US11411725B2 (en) | 2020-04-15 | 2022-08-09 | Sap Se | Efficient distributed secret shuffle protocol for encrypted database entries using independent shufflers |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019010430A2 (en) * | 2017-07-06 | 2019-01-10 | Robert Bosch Gmbh | Method and system for privacy-preserving social media advertising |
US11250116B2 (en) * | 2019-10-25 | 2022-02-15 | Visa International Service Association | Optimized private biometric matching |
CN110851869B (en) * | 2019-11-14 | 2023-09-19 | 深圳前海微众银行股份有限公司 | Sensitive information processing method, device and readable storage medium |
US11494510B2 (en) | 2021-03-04 | 2022-11-08 | Inmarket Media, Llc | Multi-touch attribution and control group creation using private commutative encrypted match service |
CN113505386A (en) * | 2021-07-26 | 2021-10-15 | 上海点融信息科技有限责任公司 | Data processing method and device based on block chain and homomorphic algorithm and storage medium |
CN113922944B (en) * | 2021-10-20 | 2023-12-22 | 张家口佰信网络科技有限公司 | Quantum homomorphic encryption and decryption method based on multi-value single quantum state |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070171050A1 (en) * | 2005-06-27 | 2007-07-26 | Nec Corporation | Method for managing data in a wireless sensor network |
US20080212780A1 (en) * | 2005-06-03 | 2008-09-04 | Koninklijke Philips Electronics, N.V. | Homomorphic Encryption For Secure Watermarking |
US20130097417A1 (en) * | 2011-10-13 | 2013-04-18 | Microsoft Corporation | Secure private computation services |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8352380B2 (en) * | 2004-05-19 | 2013-01-08 | France Telecom | Method and system for generating a list signature |
US7860244B2 (en) * | 2006-12-18 | 2010-12-28 | Sap Ag | Secure computation of private values |
US8630422B2 (en) | 2009-11-10 | 2014-01-14 | International Business Machines Corporation | Fully homomorphic encryption method based on a bootstrappable encryption scheme, computer program and apparatus |
US8625782B2 (en) | 2010-02-09 | 2014-01-07 | Mitsubishi Electric Research Laboratories, Inc. | Method for privacy-preserving computation of edit distance of symbol sequences |
US8667062B2 (en) | 2011-02-22 | 2014-03-04 | Nokia Corporation | Method and apparatus for preserving privacy for appointment scheduling |
WO2014113132A2 (en) * | 2012-11-16 | 2014-07-24 | Raytheon Bbn Technologies Corp. | Method for secure symbol comparison |
WO2014137394A1 (en) * | 2013-03-04 | 2014-09-12 | Thomson Licensing | Privacy-preserving ridge regression using partially homomorphic encryption and masks |
CN103401871B (en) * | 2013-08-05 | 2016-08-10 | 苏州大学 | A kind of ciphertext method for sequencing towards homomorphic cryptography and system |
Also Published As
Publication number | Publication date |
---|---|
CN107113162B (en) | 2019-04-16 |
CN109905227B (en) | 2021-10-01 |
US20170149558A1 (en) | 2017-05-25 |
CN109905227A (en) | 2019-06-18 |
US9847871B2 (en) | 2017-12-19 |
GB2549237B (en) | 2018-06-27 |
GB2558834B (en) | 2019-12-25 |
CN107113162A (en) | 2017-08-29 |
GB2558834A (en) | 2018-07-18 |
GB201712423D0 (en) | 2017-09-13 |
GB2549237A (en) | 2017-10-11 |
WO2016111745A1 (en) | 2016-07-14 |
GB201806390D0 (en) | 2018-06-06 |
DE112015005893T5 (en) | 2017-09-21 |
DE112015005893B4 (en) | 2021-08-12 |
US9641318B2 (en) | 2017-05-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9847871B2 (en) | Systems and methods for a multiple value packing scheme for homomorphic encryption | |
US11558358B2 (en) | Secure analytics using homomorphic and injective format-preserving encryption | |
US10903976B2 (en) | End-to-end secure operations using a query matrix | |
US10972251B2 (en) | Secure web browsing via homomorphic encryption | |
US9037870B1 (en) | Method and system for providing a rotating key encrypted file system | |
EP3100407B1 (en) | Systems and methods for faster public key encryption using the associated private key portion | |
CN111555880B (en) | Data collision method and device, storage medium and electronic equipment | |
CN111798236B (en) | Transaction data encryption and decryption methods, devices and equipment | |
US20160142208A1 (en) | Multi-dimensional encryption | |
Kolapwar | An improved geo-encryption algorithm in location based services | |
CN113742774B (en) | Data processing method and device, readable medium and electronic equipment | |
CN117556434A (en) | Data encryption and decryption method and device, electronic equipment and storage medium | |
CN115001649A (en) | Batch encryption method, related device, system, equipment, medium and program product | |
CN115277973A (en) | Image processing method, system and related equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: GOOGLE INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PATEL, SARVAR;YUNG, MARCEL M.M.;REEL/FRAME:034645/0764 Effective date: 20150105 |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | AS | Assignment | Owner name: GOOGLE LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:GOOGLE INC.;REEL/FRAME:044097/0658 Effective date: 20170929 |
 | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |